diff --git a/src/api/routes/Root.ts b/src/api/routes/Root.ts
index 3e17b77..061e57d 100644
--- a/src/api/routes/Root.ts
+++ b/src/api/routes/Root.ts
@@ -1,6 +1,8 @@
 import os from 'os';
+import jwt from 'jsonwebtoken';
+import { TextChannel } from 'eris';
 import { Server } from '..';
-import { Route } from '../../class';
+import { RichEmbed, Route } from '../../class';
 
 export default class Root extends Route {
   constructor(server: Server) {
@@ -48,5 +50,25 @@ export default class Root extends Route {
         this.handleError(error, res);
       }
     });
+
+    // eslint-disable-next-line consistent-return
+    this.router.get('/verify', async (req, res) => {
+      if (req.query.t) {
+        try {
+          res.setHeader('Access-Control-Allow-Origin', '*');
+          const token = <any> jwt.verify(req.query.t.toString(), this.server.client.config.keyPair.privateKey);
+          const embed = new RichEmbed();
+          embed.setTitle('Referral Authorization');
+          embed.addField('Referred User', token.referredUserAndDiscrim, true);
+          embed.addField('Referrer User', token.referrerUsername, true);
+          embed.addField('Referral Code', token.referralCode, true);
+          const channel = <TextChannel> this.server.client.guilds.get('446067825673633794').channels.get('580950455581147146');
+          res.sendStatus(200);
+          return channel.createMessage({ content: `<@${token.staffUserID}>`, embed });
+        } catch {
+          return res.sendStatus(401);
+        }
+      }
+    });
   }
 }
diff --git a/src/api/static/verify.html b/src/api/static/verify.html
new file mode 100644
index 0000000..d13b168
--- /dev/null
+++ b/src/api/static/verify.html
@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<head>
+  <title>Referral Verification</title>
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
+  <script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
+  <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
+  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
+
+  <script>
+    async function submit() {
+      try {
+        const input = document.getElementsByClassName('form-control')[0];
+        const response = await fetch(`https://api.cloud.libraryofcode.org/verify?t=${input.value}`);
+        if (response.status === 200) alert('Request authorized. You may now close this tab.');
+        if (response.status === 401) alert('Authorization Token incorrect, try again.');
+        if (response.status >= 500) alert('INTERNAL SERVER ERROR');
+        alert('Authentication Complete.');
+      } catch (err) {
+        alert(err);
+      }
+    }
+  </script>
+</head>
+<body>
+  <h2>Referral Authorization Form</h2>
+  <p style="font-style: italic;">This form is for authorizing referral requests that you've provided to other users. If you've received this request from someone you don't recognize, please let us know right away.</p>
+  <div class="input-group mb-3">
+    <input id="auth" type="text" class="form-control" placeholder="Authorization Token" aria-label="Authorization Token" aria-describedby="basic-addon2">
+    <div class="input-group-append">
+      <button class="btn btn-outline-secondary" type="submit" onclick=submit()>Submit</button>
+    </div>
+  </div>
+
+  <script>
+    function listener(event) {
+      const input = document.getElementById('auth');
+      input.addEventListener('keydown', ({ key }) => {
+        if (key.toLowerCase() === "enter") submit();
+      });
+    }
+    listener();
+  </script>
+</body>
diff --git a/src/class/Server.ts b/src/class/Server.ts
index f778ef1..1ec9613 100644
--- a/src/class/Server.ts
+++ b/src/class/Server.ts
@@ -29,6 +29,7 @@ export default class Server {
   }
 
   private async loadRoutes(): Promise<void> {
+    this.app.use('/static', express.static(`${__dirname}/../api/static`));
     const routes = await fs.readdir(`${__dirname}/../api/routes`);
     routes.forEach(async (routeFile) => {
       if (routeFile === 'index.js') return;
diff --git a/src/commands/authreferral.ts b/src/commands/authreferral.ts
new file mode 100644
index 0000000..3d82770
--- /dev/null
+++ b/src/commands/authreferral.ts
@@ -0,0 +1,35 @@
+import jwt from 'jsonwebtoken';
+import { Message } from 'eris';
+import { Client, Command } from '../class';
+
+export default class AuthReferral extends Command {
+  constructor(client: Client) {
+    super(client);
+    this.name = 'authreferral';
+    this.description = 'Requests authorization for a referral.';
+    this.permissions = { roles: ['662163685439045632', '701454780828221450'] };
+    this.enabled = true;
+    this.aliases = ['auth'];
+    this.usage = `${this.client.config.prefix}authreferral <referral code | referring user> <referred member id>`;
+  }
+
+  public async run(message: Message, args: string[]) { // eslint-disable-line
+    try {
+      if (!args.length) return this.client.commands.get('help').run(message, [this.name]);
+      const referrer = await this.client.db.Account.findOne({ $or: [{ username: args[0] }, { referralCode: args[0] }, { userID: args[0].replace(/[<@!>]/gi, '') }] });
+      if (!referrer) return this.error(message.channel, 'Cannot find referrer.');
+      const referred = await this.client.getRESTGuildMember('446067825673633794', args[1]);
+      if (!referred) return this.error(message.channel, 'Cannot find referred member.');
+
+      const token = jwt.sign({ staffUserID: message.author.id, referralCode: referrer.referralCode, referrerUserID: referrer.userID, referrerUsername: referrer.username, referredUserID: referred.id, referredUserAndDiscrim: `${referred.username}#${referred.discriminator}` }, this.client.config.keyPair.privateKey, { expiresIn: '24 hours', issuer: 'Library of Code sp-us | Cloud Services Daemon' });
+      this.client.getDMChannel(referrer.userID).then((chan) => {
+        chan.createMessage(`__**Referral Request Authorization**__\nYour referral code has been used in an application recently submitted to us. We need to authorize this request, please visit https://loc.sh/rv and enter the authorization token below. This token expires in 24 hours. If you did not authorize this request, please contact us immediately by DMing Ramirez or opening a ticket at https://loc.sh/cs-help.\n\n\`${token}\``);
+      }).catch(() => {
+        this.error(message.channel, 'Could not DM referrer.');
+      });
+      return this.success(message.channel, `Sent authorization token to ${referrer.username}\n\`${token}\``);
+    } catch (error) {
+      return this.client.util.handleError(error, message, this);
+    }
+  }
+}
diff --git a/src/commands/index.ts b/src/commands/index.ts
index 66aa78c..26be518 100644
--- a/src/commands/index.ts
+++ b/src/commands/index.ts
@@ -1,5 +1,6 @@
 export { default as addreferral } from './addreferral';
 export { default as announce } from './announce';
+export { default as authreferral } from './authreferral';
 export { default as bearer } from './bearer';
 export { default as cloudflare } from './cloudflare';
 export { default as createaccount } from './createaccount';